Recommendations on network security
SCALANCE XM-400
Operating Instructions, 09/2018, C79000-G8976-C306-08
Software (security functions)
● Keep the firmware up to date. Check regularly for security updates for the device. You can find information on this at the Industrial Security (https://www.siemens.com/industrialsecurity) website.
● Inform yourself regularly about security recommendations published by Siemens ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm).
● Only activate protocols that you require to use the device.
● Restrict access to the management of the device with rules in an access control list (ACL).
● The option of VLAN structuring provides protection against DoS attacks and unauthorized access. Check whether this is practical or useful in your environment.
● Use a central logging server to log changes and accesses. Operate your logging server within the protected network area and check the logging information regularly.
Passwords
● Define rules for the assignment of passwords.
● Regularly change your passwords to increase security.
● Use passwords with a high password strength.
● Make sure that all passwords are protected and inaccessible to unauthorized persons.
● Do not use the same password for different users and systems.
Certificates and keys
● On the device there is a preset SSL certificate with key. Replace this certificate with your own certificate and key. We recommend that you use a certificate signed either by a reliable external or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format.
● Verify certificates and fingerprints on the server and client to prevent "man in the middle" attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately if there is a suspicion of compromise.
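
The certificate recommendations above, worked through with the OpenSSL command line as an added example that is not part of the Siemens manual: a CA-signed certificate with a 2048-bit key, bundled as password-protected PKCS #12, then checked for chain, key length and fingerprint. The throwaway CA, the subject names, the file names, the 30-day lifetime and the P12_PASS variable are assumptions; loading the file into the device is not shown.

```shell
# Added example; the throwaway CA, subject names and P12_PASS are assumptions.

# Create a stand-in internal CA in directory $1 (key files get mode 0600).
make_ca() (
    umask 077; set -e
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
)

# Issue a CA-signed device certificate (RSA, $2 bits, default 2048) in $1 and
# bundle it as PKCS #12. The password is read from the environment variable
# P12_PASS so it is not exposed in the process argument list.
make_device_p12() (
    umask 077; set -e
    dir=$1 bits=${2:-2048}
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/CN=switch.example.internal" \
        -keyout "$dir/dev.key" -out "$dir/dev.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 30 -in "$dir/dev.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/dev.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/dev.key" -in "$dir/dev.crt" \
        -certfile "$dir/ca.crt" -passout env:P12_PASS -out "$dir/dev.p12"
)

# Print the public key size in bits of certificate $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Print the SHA-256 fingerprint of certificate $1 as bare hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/.*=//; s/://g'
}

# Return 0 only if certificate $1 chains to CA $2, has a key of at least
# 2048 bits, and matches fingerprint $3 recorded out of band.
check_device_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    [ "$(cert_key_bits "$1")" -ge 2048 ] || return 2
    [ "$(cert_fingerprint "$1")" = "$3" ] || return 3
}
```

Record the output of `cert_fingerprint` when the certificate is issued and compare it with what the client displays on first connection; `check_device_cert` returns 1, 2 or 3 to show which check failed.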